Software Engineer, Security

About the role

Notion is the collaborative AI workspace where teams and agents think together . We're building one place where your knowledge, projects, meetings, and AI tools live side by side, so work feels faster, clearer, and less fragmented. Millions of individuals, small teams, and large companies run their work on Notion. Notinos (our employees) are customer zero in bringing this future of work to life. We care about craft, humanity, and building things that last - not just shipping the next feature, but setting a standard for how modern teams (with humans and agents working together) think and execute. Notion helps you build beautiful tools for your life's work. In today's world of endless apps and tabs, Notion provides one place for teams to get everything done, seamlessly connecting docs, notes, projects, calendar, and email-with AI built in to find answers and automate work. Millions of users, from individuals to large organizations like Toyota, Figma, and OpenAI, love Notion for its flexibility and choose it because it helps them save time and money. In-person collaboration is essential to Notion's culture. We require all team members to work from our offices on Mondays, Tuesdays, and Thursdays, our designated Anchor Days. Certain teams or positions may require additional in-office workdays. We are hiring an experienced security engineer with 10+ years of experience to own cross-cutting programs at the intersection of product, infrastructure, and AI. You will be hands-on with core security primitives while coordinating across 5-10+ engineering teams to land multi-quarter changes safely-often in customer-facing, enterprise-critical surfaces (identity, authz, domain posture, and AI agent safety). In this role, you will be the primary owner for key authentication migrations, AI guardrail infrastructure, and authorization platform direction-work that directly unblocks enterprise security commitments, AI-agent launches, and the next milestone in our authz architecture. What You'll Achieve: Modernize and migrate authentication across Notion's product surfaces (SAML/OIDC, OAuth flows, session semantics, passkeys, CSP, redirect handling), landing multi-quarter changes with clear rollout plans and minimal customer disruption. Build and operate Notion's AI safety guardrail stack , including prompt-injection protections (vendor evaluation, deployment model decisions, integration with agents) and an external-source provenance system for AI-generated content across Mail, Calendar, and MCP. Advance our authorization platform direction by driving crisp architectural trade-offs (e.g., SpiceDB vs. Macaroons) and shipping reusable primitives that product teams can adopt without bespoke security work. By day 90: own one P0 security program end-to-end-RFC, rollout plan, partner alignment, execution, and measurable risk reduction-plus ship one piece of AI leverage (e.g., an internal security agent for triage/verification/continuous checks) that improves correctness and reduces time-to-resolution. By end of year 1: raise the bar on security engineering craft by setting clearer standards for secure primitives (auth/authz, provenance, domain posture), improving adoption paths for partner teams, and reducing recurring classes of vulnerabilities through better systems-not heroics. Skills You'll Need to Bring: Demonstrated ability to ship security-critical infrastructure in production systems (identity/authentication, authorization, platform primitives), including migrations that affect customers and require careful rollout and backwards compatibility. Strong judgment navigating ambiguous trade-offs (security vs. product velocity, correctness vs. ergonomics, centralized platforms vs. local autonomy), with a track record of writing clear RFCs and aligning cross-functional stakeholders. Experience building or operating AI/LLM security protections (e.g., prompt injection, tool/data provenance, policy enforcement) or a clear ability to ramp quickly and lead in an emerging domain. High agency and systems mindset: you proactively find the real constraint, unblock partner teams, and build primitives that compound across the org (not one-off fixes). Comfort mentoring and multiplying others-through intern/project ownership, enablement sessions, and pragmatic security guidance that engineers actually adopt. We hire talented and passionate people from a variety of backgrounds because we want our global employee base to represent the wide diversity of our customers. If you're excited about a role but your past experience doesn't align perfectly with every bullet point listed in the job description, we still encourage you to apply. If you're a builder at heart, share our company values, and enthusiastic about making software toolmaking ubiquitous, we want to hear from you. Notion is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on rac

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at notion? Share your experience